Trying to get http response over https and basic authentication - getting “Unauthorized”

Question

I'm trying to use this API . The problem is to get a JSON object with a GET method over https. I don't know why, but I get on the output HTTP/1.1 401 Unauthorized . user and password are correct. What am I doing wrong?

The file /Users/pmichna/Desktop/my.truststore was generated by

keytool -import -alias "my server cert" -file server.crt -keystore my.truststore

where server.crt is the certificate downloaded with Firefox.

My code:

public class Locator
{
    private final String url;
    private String host;

    public Locator(String host, int port)
    {
        url = "https://" + host + ":" + port + "/rest/terminal_location/location?query=";
        this.host = host;
    }

    protected static TrustManager[] getTrustManagers(String trustStoreType, InputStream trustStoreFile) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(trustStoreType);
        trustStore.load(trustStoreFile, null);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        return tmf.getTrustManagers();
    }

    public void GetPhoneLocation(String phoneNumber, int acceptableAccuracy, int requestedAccuracy, Tolerance tolerance, int maxAge, int responseTime)
    {
        String charset = "UTF-8";
        String rawQuery = String.format(getLocationQuery(phoneNumber, acceptableAccuracy, requestedAccuracy, tolerance, maxAge, responseTime));
        DefaultHttpClient httpClient = new DefaultHttpClient();
        httpClient.getCredentialsProvider().setCredentials(
                new AuthScope("https://openmiddleware.pl", 443),
                new UsernamePasswordCredentials("user", "pass"));
        try
        {
            String encodedQuery = URLEncoder.encode(rawQuery, charset);
            SSLContext ctx = SSLContext.getInstance("SSL");
            TrustManager[] trustManagers = getTrustManagers("jks", new FileInputStream(new File("/Users/pmichna/Desktop/my.truststore")));
            ctx.init(null, trustManagers, null);
            SSLSocketFactory factory = new SSLSocketFactory(ctx, new      StrictHostnameVerifier());

            ClientConnectionManager manager = httpClient.getConnectionManager();
            manager.getSchemeRegistry().register(new Scheme("https", 443, factory));
            HttpGet httpget = new HttpGet(url + encodedQuery);

            System.out.println("executing request" + httpget.getRequestLine());

            HttpResponse response = httpClient.execute(httpget);
            HttpEntity entity = response.getEntity();

            System.out.println("----------------------------------------");
            System.out.println(response.getStatusLine());
            System.out.println(EntityUtils.toString(entity));
            if (entity != null) {
                System.out.println("Response content length: " + entity.getContentLength());
            }
            EntityUtils.consume(entity);
        } catch (IOException e)
        {
            // TODO Auto-generated catch block
            e.printStackTrace();
        } catch (Exception e)
        {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
        finally
        {
            httpClient.getConnectionManager().shutdown();
        }
    }

    public enum Tolerance
    {
        //[...]
    }

    private String getLocationQuery(String phoneNumber, int acceptableAccuracy, int requestedAccuracy, Tolerance tolerance, int maxAge, int responseTime)
    {
        //[...]
    }
}

Output:

HTTP/1.1 401 Unauthorized
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Draft//EN">
<HTML>
<HEAD>
<TITLE>Error 401--Unauthorized</TITLE>
<META NAME="GENERATOR" CONTENT="WebLogic Server">
</HEAD>
<BODY bgcolor="white">
<FONT FACE=Helvetica><BR CLEAR=all>
<TABLE border=0 cellspacing=5><TR><TD><BR CLEAR=all>
<FONT FACE="Helvetica" COLOR="black" SIZE="3"><H2>Error 401--Unauthorized</H2>
</FONT></TD></TR>
</TABLE>
<TABLE border=0 width=100% cellpadding=10><TR><TD VALIGN=top WIDTH=100% BGCOLOR=white><FONT FACE="Courier New"><FONT FACE="Helvetica" SIZE="3"><H3>From RFC 2068 <i>Hypertext Transfer Protocol -- HTTP/1.1</i>:</H3>
</FONT><FONT FACE="Helvetica" SIZE="3"><H4>10.4.2 401 Unauthorized</H4>
</FONT><P><FONT FACE="Courier New">The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.46) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity MAY include relevant diagnostic information. HTTP access authentication is explained in section 11.</FONT></P>
</FONT></TD></TR>
</TABLE>

</BODY>
</HTML>

Answer 1

You're incorrectly utilizing the AuthScope

    httpClient.getCredentialsProvider().setCredentials(
            new AuthScope("https://openmiddleware.pl", 443),
            new UsernamePasswordCredentials("user", "pass"));

It should be

    httpClient.getCredentialsProvider().setCredentials(
            new AuthScope("openmiddleware.pl", 443),
            new UsernamePasswordCredentials("user", "pass"));

AuthScope takes a hostname and a port number.